Cybersecurity: Ransomware Threats 2018

Furniture World Magazine
Volume 147 NO.5 September/October

By Amitesh Sinha on
9/23/2017

The threat from ransomware promises to be serious for home furnishings retailers in the coming year. If you've already created data backups, you may believe that you've done all you can to protect your business. Just doing this, however is not nearly enough to protect against ransomware.

Billion Dollar Nightmare

Ransomware is a legitimate threat for virtually every business and organization. First introduced in 1982, malware programs have evolved over the years, with modern ransomware strains having the capability to exploit even minor loopholes on the most secure networks.

Once malicious software breaches a guarded network, it encrypts your files at both the server and the machine levels, restricting access to all the important data on your network. What follows is a demand for monetary ransom in exchange for a key that will enable you to restore access to your encrypted files. If you don’t cooperate, you risk losing every bit of important data and information about your business.

2016 is remembered as the "year of ransomware". The security company Sonic Wall reported a record level of malicious software attacks against businesses operating in a number of different industry verticals. 638 million attacks were reported in total (1), collectively forcing victims to pay around $209 million in ransom in the first quarter of that year alone. This is an alarming statistic, one which does not factor in additional losses incurred due to:

Operational downtime.

Resourcing of staff to resolve the problem.

The replacement of hardware to restore the system.

When you do the math, the reported cost rises to more than $75 billion per year. (3)

Since 2016, the incidence rate of ransomware attacks in the retailing sector appears to be on the rise.

Why Will Our Industry Be The Next Big Target?

There are three main reasons why many furniture retailers will be prime targets for ransomware attacks in 2018.

1. The Growth Potential Of Home Furnishings

Ransomware programmers direct their attacks to targets that can both afford to pay and where there are vulnerabilities.

The retail home furnishing industry harbors high-growth potential, with the sector expected to be valued at around $111 billion at retail by the end of 2019. This growth eclipses many other retailing sectors, including clothing and department stores, with home furnishings predicted to outpace the sales of each by 10.7 percent and 16.6 percent respectively. (5)

2. The Rapid Integration of E-Commerce:

The furniture industry is rapidly working to integrate e-commerce into retail business models, leaving companies exposed at new and vulnerable points of interaction. As the scope of a company’s on-line operations expands, it acts as an open invitation to hackers to try to gain access.

3.The Industry Is Not Fully Equipped

The e-commerce sector of the home furnishing industry is not mature. As a late adopter of e-commerce and technology, our industry is sadly way behind most other industries in our ability to defend against cyber security threats, both in terms of system resources and user training. This is yet another factor that increases the risk of ransomware attacks.

The first part of this series on Cybersecurity (May/June 2017 issue of Furniture World) related the story of a mid-sized furniture retailer lucky enough to restore data following a Cryptolocker ransomware attack. Data was restored from a backup with minimum data loss. Paying a large ransom was avoided.
Not every retailer is so lucky. In 2015, a ransomware attack (RSA-4096) on a Brazil-based furniture company encrypted the retailer's files. The perpetrators demanded $3,000. (7) The company refused to pay and subsequently lost all their important data, incurring a financial loss of $100,000.

Backups Are Not Enough

Every furniture retailer knows that it's important to insure businesses against physical and liability disasters. It's equally important to take steps to make sure you are protected against virtual dangers. As was mentioned at the start of this article, backing up your data properly is a good start, but it's not all you need to do to protect against ramsomware attacks.

Data Backup: Data backup is the most common practice when it comes to preparing against the potential threat of ransomware.

In a survey conducted by Barkly, 81 percent of the respondents believed their data backup would help them to cope successfully with a ransomware attack. (8)

IT managers and companies, create a secondary storage in reserve, where they regularly store the files. In case of a security breach, they then access this secondary storage to restore business operations back to normal. It's simple, convenient, and easy!

However, according to a survey from Knoll Ontrak, 75 percent of IT managers who had a data backup failed to restore all their lost data after a catastrophic loss, while the other 23 percent failed to recover any data at all. (11)

The reasons for data backup failure are many, from hardware and software problems to human error and network failures.

Backups alone are just not enough, so retailers must implement additional safety and security protocols to prepare and protect all important data.

A Holistic Strategy

A holistic strategy is required to protect your digital assets from malware. The essential elements, that should form part of every business owner’s cyber security strategy, include:

1. Employees, the first line of defense: Employees are the most vulnerable part, of any implemented cyber security program. They often invite ransomware attacks when they click on compromised e-mails.

Furthermore, their browsing practices also make them the ideal target of ransomware programmers and cybercriminals. It is important that retail furniture owners provide regular means of training so that the potential attack risks can be mitigated.

2. Systems must be continuously upgraded: keeping retail systems upgraded is one of the most effective ways of protecting digital assets against ransomware attacks. This means updating your OS and patching up your drivers with the latest software in a timely manner.

3. Follow right practices when implementing data backup systems: Follow the right practices during the creation and maintenance of data backup systems. Apply the 3-2-1 strategy when creating backups (three copies of data on two different types of storage devices, with one being located off-site. Also, schedule weekly or monthly recovery runs to ensure that your backup system is functional and running. Regularly monitor and sort the stored data to prevent redundant storage.

4. Invest in a cyber security solution: Investing in a solution that protects you against pernicious e-mails, dangerous internet traffic and monitors threats to internal network security will help thwart or eliminate the possibility of going down when hit by ransomware attacks.

Long-term goals should be to look for a system that includes the following features:

A sandbox environment to detonate e-mails with bad attachments or content.

Internet web filtration that takes care of access while working within a corporate network.

Ransomware programmers and cybercriminals will be actively on the lookout to exploit every vulnerability in your computer systems in 2018.

Now is the time to pay attention to insuring your business against data loss. Data backup is an option worth exercising, but it is just not enough as a stand-alone solution. A comprehensive cyber security strategy is required.

Amitesh Sinha is a technology consultant based in North America. With over 20 years of experience developing and deploying solutions for retail, Sinha has gained a reputation for home furnishing software solutions, furniture software, POS furniture software, and re-engineering of software with extended features. His company, iConnect offers business technology solutions that integrate with most P.O.S. systems to make them more efficient and user-friendly. For more information about this article or any retail technology question contact Amitesh at 703-471-3964, amitesh@iconnectgroup.com or www.iconnectgroup.com.
Read other articles by Amitesh Sinha